Is antiworm technology for real?

by Shawna McAlearney, News Writer

Vendors often tout "new technology" that's nothing more than vaporware or a rehash of existing products, but is this true of so-called "antiworm" technology, which promises new detection and prevention techniques to contain worms by weeding out bad traffic?


This technology is being hawked in a number of forms by Mirage Networks, ForeScout, Check Point Software Technologies, Silicon Defense and IBM.

The products vary, but Pete Lindstrom, research director at Spire Security, said antiworm technology is a specialized form of intrusion detection system that, for example, looks for unfulfilled Address Resolution Protocol requests. Some products are based on anomaly detection, while others automatically isolate compromised hosts. Still others redirect worm traffic to a quarantined area to buy time to isolate the worm and keep systems available, Lindstrom said.
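The unfulfilled-ARP check Lindstrom describes can be sketched as follows. This is an added example, not code from any of the vendors named; the event format, the one-second reply timeout and the threshold of three dark addresses are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample events (not captured traffic): (time_s, kind, src_ip, dst_ip)
#   "who-has": src asks who owns dst;  "is-at": src (the owner) answers dst.
SAMPLE_EVENTS = [
    (0.00, "who-has", "10.0.0.5", "10.0.0.1"),
    (0.01, "is-at",   "10.0.0.1", "10.0.0.5"),
    (1.00, "who-has", "10.0.0.66", "10.0.0.100"),
    (1.10, "who-has", "10.0.0.66", "10.0.0.101"),
    (1.11, "is-at",   "10.0.0.101", "10.0.0.66"),
    (1.20, "who-has", "10.0.0.66", "10.0.0.102"),
    (1.30, "who-has", "10.0.0.66", "10.0.0.103"),
    (1.40, "who-has", "10.0.0.66", "10.0.0.104"),
    (2.00, "who-has", "10.0.0.5", "10.0.0.9"),   # one miss: a powered-off peer
    (5.00, "who-has", "10.0.0.5", "10.0.0.1"),
    (5.01, "is-at",   "10.0.0.1", "10.0.0.5"),
]

def unfulfilled_arp(events, timeout=1.0, threshold=3):
    """Map each requester to the addresses it asked for that never answered,
    keeping only requesters with at least `threshold` such addresses."""
    events = sorted(events)
    end = events[-1][0] if events else 0.0
    # (owner, requester) -> times at which the owner answered that requester
    replies = defaultdict(list)
    for t, kind, src, dst in events:
        if kind == "is-at":
            replies[(src, dst)].append(t)
    unanswered = defaultdict(set)
    for t, kind, src, dst in events:
        if kind != "who-has":
            continue
        if t + timeout > end:
            continue  # reply window still open at end of data: cannot judge
        if not any(t <= r <= t + timeout for r in replies[(dst, src)]):
            unanswered[src].add(dst)
    return {src: sorted(dsts) for src, dsts in unanswered.items()
            if len(dsts) >= threshold}

if __name__ == "__main__":
    for host, dark in unfulfilled_arp(SAMPLE_EVENTS).items():
        print(f"{host}: {len(dark)} unanswered ARP targets: {', '.join(dark)}")
```

A host that probes many addresses nobody owns stands out, while a single miss from an ordinary client stays below the threshold.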

Roger Thompson, vice president of product development at PestPatrol Inc., a Carlisle, Pa.-based developer of security tools, said it's difficult to tell at this point if this could be a valuable tool in the security arsenal because it's not widely used and may, in the end, only offer an additional layer of security.

"Genuine worms are certainly the emerging threat," said Thompson. "The biggest problem with a general purpose solution is that all worms are different."

However, virus throttling, yet another type of technology announced by Hewlett-Packard at the RSA Conference in February, will limit the number of Internet connections an infected computer can have. Ostensibly, this will limit the speed at which a worm can spread. HP's Active Countermeasures service will "inoculate" networks by running a periodic vulnerability analysis based on the latest advisories from CERT and other security organizations, then scanning the network for vulnerable machines and automatically deploying policy-driven mitigation techniques.

"Are these antiworm solutions 'the real deal?'" Lindstrom asked in his Information Security magazine column Directions. "Like any layer in a defense-in-depth scheme, they could certainly help. Ideally in the future, it will either be integrated with other IDS solutions or directly into the network fabric (hubs/switches/routers)."

Lindstrom added that security managers can justify the expense of the technology simply by comparing it to cleanup costs associated with the Blaster worm or any other major malicious code outbreak.
